A data breach is dampening the fun at Poshmark, the social-fueled online fashion marketplace known for its virtual “live” parties. The company disclosed yesterday that an unauthorized party gained access to its servers and swiped users’ personal information, including full names, usernames, hashed passwords, gender, and cities of residence. The hacker also stole user emails and social media profile information from users who connected with Poshmark on social media. To add insult to injury, clothing size preferences were also stolen.
In a blog post and a security notice posted on its website, Poshmark did not reveal when the breach occurred or when the company found out about it. It did, however, say that no financial data or physical addresses were taken in the recent breach. Poshmark believes that passwords were not compromised, as they were scrambled when swiped, and says the data breach was limited to the U.S. Change your passwords anyway (but not to one of these).
“We take the trust you have placed in us extremely seriously, and since learning of this incident, we’ve expanded our security measures even further,” Poshmark’s announcement read. “We’ve conducted an internal investigation, retained a leading security forensics firm, and have implemented enhanced security measures across all systems to help prevent this type of incident from happening in the future.”
Poshmark isn’t the first online fashion retailer to be hacked—that ignominious honor goes to SHEIN, which announced last year a similar security breach where a hacker stole the details of 6.42 million users. According to ZDNet, that stolen data has been sold and is showing up online. Cool.